oauth_body_hash isn't official OAuth 1.0a and you should not be including it in your signature base string, POST parameters, authorization header, or otherwise. While it may not be causing your problem, it also might not be helping.
It's best for you to use authorization headers instead of using query parameters or the POST body to send the oauth_* parameters -- it separates concerns dramatically. To David's point, have you been granted access to the site streams beta? Have you examined the message attached with the 401 -- what does that message say? @episod <http://twitter.com/episod> - Taylor Singletary On Sun, May 15, 2011 at 4:53 PM, David <[email protected]> wrote: > HI Michael, > > The Site Streams endpoint is currently in beta and only available to > whitelisted users - has your app account @username been approved? > > Best, > David > > -- > Twitter developer documentation and resources: https://dev.twitter.com/doc > API updates via Twitter: https://twitter.com/twitterapi > Issues/Enhancements Tracker: > https://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > https://groups.google.com/forum/#!forum/twitter-development-talk > -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
